How to crack Mac OS X passwords

by James Kelly

As we are all aware, Mac OS X is based on BSD. Mac OS X is a UNIX-like
operating system (much like Linux and the other BSD variants: FreeBSD,
OpenBSD, NetBSD).

So what does that mean?

It means that your Mac is a multi-user operating system. While at present
only one user can sit in front of your Mac and use it, many users can log in
via SSH sessions and use your Mac simultaneously. If one of those users has an
easy-to-guess password, the entire system can be vulnerable to being hacked.

Why would we want to crack Mac OS X passwords? Cracking the passwords on
your Mac is a way to test the passwords to be sure they are not easily
guessed or cracked.

What is a bad password?

Empty or no password

Password the same as your username

Anybody’s name, real or imaginary

The name of the operating system you’re using

The hostname of your computer

Any phone number

Auto license plate number, particularly vanity plates

Any part of your social security number

Anybody’s birth date

Other information that is easily obtained about you

Any word in any dictionary. Hackers have dictionaries for languages like
Klingon, Urdu, Hindi, etc.

Passwords of all the same letter

Simple patterns on the keyboard, like QWERTY

Any of the above spelled backwards

Any of the above preceded or followed by one or two digits.

What do you mean by cracking a password? Most password crackers perform what
is called a dictionary attack: they take a list of known bad passwords, hash
each one, and compare the results to the hashes in the target machine’s
password file. It’s more like automated password guessing.
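The dictionary attack just described, as an added example that is not part of the original article and is not John the Ripper's code: a few of the bad-password rules from the list above (the word itself, the word spelled backwards, and each followed by one digit) are applied to a tiny wordlist, every candidate is hashed, and the hashes are looked up in a user:hash file. SHA-256 stands in for the DES crypt hashes a real NetInfo password file holds so the script runs anywhere with sha256sum or shasum; the wordlist, the user names and the stored hashes are all constructed here.

```shell
#!/bin/sh
# Added example, not code from the article or from John the Ripper.
# SHA-256 stands in for the DES crypt hashes of a real password file so the
# script runs anywhere; every word, user and hash below is constructed.

# Tiny stand-in for john's password.lst (constructed)
WORDLIST='password
letmein
qwerty
macintosh'

# Hex digest of one candidate password
hash_word() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Spell a word backwards in pure sh ("any of the above spelled backwards")
reverse() {
    s=$1
    r=
    while [ -n "$s" ]; do
        r="${s%"${s#?}"}$r"   # first character of $s, prepended to $r
        s=${s#?}
    done
    printf '%s\n' "$r"
}

# Expand one dictionary word into the candidates the article's rules cover:
# the word, the word backwards, and each of those followed by one digit.
# (Two-digit suffixes would be one more nested loop over 0..9.)
mangle() {
    for base in "$1" "$(reverse "$1")"; do
        printf '%s\n' "$base"
        for d in 0 1 2 3 4 5 6 7 8 9; do
            printf '%s\n' "$base$d"
        done
    done
}

# Dictionary attack: hash every candidate and look it up in a user:hash file.
# Prints user:plaintext for each account whose hash is found.
crack() {
    pwfile=$1
    printf '%s\n' "$WORDLIST" | while IFS= read -r word; do
        mangle "$word"
    done | while IFS= read -r cand; do
        h=$(hash_word "$cand")
        # grep yields every user whose stored hash equals this one, so
        # accounts that share a password fall together
        grep ":$h\$" "$pwfile" | cut -d: -f1 | while IFS= read -r user; do
            printf '%s:%s\n' "$user" "$cand"
        done
    done
}

# Constructed password file: two guessable accounts and one that is not
make_demo_passwd() {
    {
        printf 'alice:%s\n' "$(hash_word 'ytrewq')"        # qwerty backwards
        printf 'bob:%s\n'   "$(hash_word 'letmein7')"      # word plus a digit
        printf 'carol:%s\n' "$(hash_word 'Tr0ub4dor&3x')"  # not derivable from the list
    } > "$1"
}

# Stand-alone run: prints alice:ytrewq and bob:letmein7, nothing for carol
demo() {
    tmp=$(mktemp)
    make_demo_passwd "$tmp"
    crack "$tmp"
    rm -f "$tmp"
}
demo
```

The point the script makes is the one the list above makes in prose: a "word" only has to be derivable from a public wordlist by a cheap rule for it to fall, while carol's password survives because no rule in the cracker produces it. Real john applies far more such rules and a much larger wordlist, which is why the article's run can take days.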

4. If the package john-1.6.tar doesn’t decompress on its own, open Terminal
and cd to your Desktop.

5. Do:

cd Desktop

6. Then do:

tar xvf john-1.6.tar

7. Then do:

cd john-1.6

8. Then do:

cd src

to enter the source directory.

9. Then do:

make generic

10. After the compilation finishes, do:

cd ../run

11. Once compilation is complete there should be a binary called “john” in
the directory john-1.6/run.

12. To start your cracking fun, once you are inside the run directory do:

sudo nidump passwd / > mymacs.passwd

This will create a password file for your Mac. You’ll have to enter your
administrative password.

13. To actually start cracking you do:

./john mymacs.passwd

14. Wait a long while; this may take some time, days or weeks even. The
cracked passwords will be in a file called “john.pot”.

Since this will take a while you might want to run it in the background
with a low priority:

nice -n 20 ./john mymacs.passwd &

15. John the Ripper comes with a sample password file, password.lst, a list
of about 2,290 really bad passwords to use in testing. You can supplement
this list with others from the CD-ROM the site owner is selling, which
contains dictionaries in several languages.

If you want to keep your kids from cracking the passwords on your Mac do
the following:

Do not give them Administrative accounts on the Mac.

Change the permissions on the nidump utility. The default permissions
are:

-r-xr-xr-x 1 root wheel 24024 24 Sep 02:50 /usr/bin/nidump

You might want to remove read and execute permissions from anyone but root.

As root do:

sudo chmod g-xr /usr/bin/nidump

then

sudo chmod o-rx /usr/bin/nidump

The above commands in Terminal will keep anyone but root from executing the
nidump utility. You will of course have to have the root account enabled
to do this.
I would suggest consulting http://www.macosxhints.com for instructions on
how to enable root.
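As an added example that is not part of the article: a small audit-and-fix script that reports whether a program still carries any group or other permission bits, then applies the same two chmod commands used above for nidump. It runs on a throwaway file created with the 0555 mode shown in the article's ls listing (-r-xr-xr-x); on the real /usr/bin/nidump the chmod calls need sudo, as the article says.

```shell
#!/bin/sh
# Added example, not from the article. Audits a file's mode the way an
# administrator would check /usr/bin/nidump after hardening it, and applies
# the article's two chmod steps. Exercised on a temporary file here.

# The ten-character mode column of ls, e.g. -r-xr-xr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Prints "restricted" when group and others hold no bits at all
# (positions 5-10 of the mode string are all dashes), otherwise "open".
audit_exec() {
    case "$(mode_of "$1")" in
        ????------) echo restricted ;;
        *)          echo open ;;
    esac
}

# The article's hardening: strip read and execute from group, then others.
# Group/other write bits are left alone, exactly as the article's commands do,
# so audit_exec would still report "open" on a binary that was group-writable.
restrict_to_owner() {
    chmod g-xr "$1" && chmod o-rx "$1"
}

# Stand-alone run on a constructed file with nidump's shipped mode 0555
demo() {
    f=$(mktemp)
    chmod 555 "$f"
    echo "before: $(mode_of "$f") $(audit_exec "$f")"
    restrict_to_owner "$f"
    echo "after:  $(mode_of "$f") $(audit_exec "$f")"
    rm -f "$f"
}
demo
```

After the fix the mode reads -r-x------, which is what the article's two commands produce from the default listing. The audit function is worth keeping around: if a system update restores the original permissions on nidump, a quick `audit_exec /usr/bin/nidump` shows "open" again.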